Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

gone.fishing writes to tell us that a new lawsuit is challenging the government's right to read your e-mail. The Minneapolis Star-Tribune is reporting that a seller of "natural male enhancement" products sued after a fraud indictment based on evidence gleaned from his electronic mail. Federal prosecutors say they don't need a search warrant to read your e-mail messages if those messages happen to be stored in someone else's computer."

Even if your e-mail is stored on another individual's computer seized under a search warrant, the government cannot use this information as evidence.

According to the Federal Search and Seizure Manual written by the Department of Justice:

See United States v. Upham,168 F.3d 532, 535 (1st Cir. 1999). First, the warrant must describe the things to be seized with sufficiently precise language so that it tells the officers how to separate the items properly subject to seizure from irrelevant items. See Marron v. United States, 275 U.S. 192, 296 (1925) ("As to what is to be taken, nothing is left to the discretion of the officer executing the warrant."); Davis v. Gracey, 111 F.3d 1472, 1478 (10th Cir. 1997). Second, the description of the things to be seized must not be so broad that it encompasses items that should not be seized. See Upham, 168 F.3d at 535. Put another way, the description in the warrant of the things to be seized should be limited to the scope of the probable cause established in the warrant. See In re Grand JuryInvestigation Concerning Solid State Devices, 130 F.3d 853, 857 (9th Cir. 1997). Considered together, the elements forbid agents from obtaining "general warrants" and instead require agents to conduct narrow seizures that attempt to "minimize[] unwarranted intrusions upon privacy." Andresen v. Maryland, 427 U.S. 463, 482 n.11 (1976).

Even if found by coincidence the "natural male enhancement" e-mails would not be admissible in a court of law, they would be considered hearsay.

This has nothing to do with Public Domain and everything to do with WHO has the expectation of privacy.

An analogy if you will. Suppose you and I commit a crime, the evidence of which is stashed at your house. The police come busting down your door without a warrant and find said evidence. In this case, your right to privacy has been violated and the evidence found cannot be used against you. However, this evidence can still be used against me. Why? Because I had no expectation of privacy IN YOUR HOUSE. As far as the law is concerned, the evidence found against me is as legitimate as if you had turned it in yourself.

Back to the email thing, the minute you send an email to an outside party, you voluntarily concede your expectation of privacy as YOU were the one who freely divulged whatever information was in that email.

That's not the argument they're making. They're arguing that since you don't own the computer the message is stored on, you have no right to privacy.

That makes no sense, however. I don't own the phone network once it leaves my house (more precisely, the NID), but I have a right to privacy as defined by quite a bit of legislation.

That right there is the key. There is quite a bit of legislation protecting phone conversations. There isn't similar legislation in the case of emails.

In addition to that, the police do not need a warrant if they have permission from the owner. For example, if you get pulled over by the police, they don't need a warrant to search your car if they ask you for permission and you say "yes". Similarly, if they ask Verizon for the emails in a user's account, and Verizon gives it to them, it is perfectly legal without a warrant. The theory is that if the owner does not object to the search/seizure, then it must not be unreasonable.

Your assertion is not unlike suggesting that I have no expectation of privacy in postal mail because for a length of time it was in the posession of a Federal agency, the US Post Office.

And that would be completely correct if it wasn't for a set of special laws protecting the US Post Office- that same set of laws has NOT been passed for the Internet. If you want them- you need to write your congress critter.

I agree with your post but there's a small detail I want to correct. In your example, if you are a customer of Verizon, they might not be able to legally give your emails to the police without a warrant. That depends on the contract they have with you (most likely the TOS). But it is likely the TOS does not include such protections for you.

They could still legally give your emails to the police, but then they would be in breach of contract. At that point, you would have to file a civil case against them. The emails would still be considered admissible evidence in a criminal case against you.

Yes. It means that you and everyone you know are going to have to read the instructions on your mail client on how to encrypt and decrypt your mail. You can do it on any client that supports it, though most webmail clients do not directly (though you could write the email in a text editor, encrypt that, and attach the file to an email). You will all have to meet in order to exchange public keys securely and keep your private keys safe.

As a matter of black letter law, the 4th Amendment does not protect "what a person knowingly reveals to the public." (Katz) Previous cases have held that your garbage, your bank records, and even phone records may be obtained without a warrant, provided that they are obtained from the third parties with which you are dealing and not your home.

There is federal statutory law on email (though I don't recall the precise citation) that treats email as a hybrid between telephone conversations and documents. To read your email in real-time as it comes in, the government requires a warrant. If you leave it on your ISP's mail server for longer than some period of time (not sure how long, but it's something longer than an hour and less than a month), then the email is treated as a document and can be obtained like any other record.

Normally a warrant to search a house, tap a phone or intercept email requires probable cause. However, this requirement is different if "a substantial purpose" of the investigation is foreign intelligence surveillance. In that case the warrant can be obtained with something less than probable cause under FISA as modified by USA Patriot Act (though there are still pretty stringent requirements; the gov doesn't get carte blanc to snoop on anybody)

Long story short, if you don't want it read, don't leave it on somebody else's server and don't do anything that would convince a judge that you pose a threat to the country.

I, for one, don't want to have to try to teach my parents how to use PGP so the government won't find out I'm planning to arrive for Christmas dinner at 2PM.

If you really don't want the government to know, you have many options

Phone, where lots of legislation will protect your call unless they have a warrant or your're the target of a warrentless tap.

Skype, where the communication is encrypted and so protected unless the government goes to skype/ebay with a warrant.

Physical mail, where there are laws protecting you, and it's kinda hard to read without the tampering being detected.

Nothing to hide -- if you're not expecially interesting to the government, noone will bother to read when you showed up at Christmas, so email is perfectly fine. The practical matter is that though your email probably ends up in archives and databases at the NSA (if your ISP is AT&T = http://www.wired.com/news/technology/0,70619-0.htm l [wired.com]) noone will ever see it if your life is boring enough.

It was protected as well. But it wasn't in his home, it was in the homes of the people he sent it to. He's claiming not that the government shouldn't be able to search his mail, but that the government shouldn't be able to search the mail of the people filing complaints about him even if they give permission for the search. In short, he's claiming that mail in someone else's mailbox belongs to him and he can control access to it. Which is wrong.

The "Stored Communications Act of 1986" clearly needs to be updated, which is another example of why we need to keep a close eye on technology-specific legislation. Today's good idea becomes tomorrows loophole (for gov and criminals alike - both of which will take full advantage without thinking twice).

But the one thing that has never changed since the dawn of written communication is this: If you don't want something read, then don't write it down. Especially if you're laundering money from the insecure and poorly-endowed... because that's just wrong!

Correction to number 4: If any of your data happens to cross AT&T's pipes. Having AT&T as your ISP of course would put you at risk, but since so many ISPs in the US use AT&Ts pipes, many such would be vulnerable to illegal NSA spying without having AT&T directly affiliated. Traceroute for the win.

To add to your point. Letters in seeled envelopes {sp} are protected postcards are not. If I send a postcard I can't assume that only the addressed recipient will turn it over and read it. But, I can assume the the seeled envelope will arrive seeled.

Although many folks like to think of email as the electronic equivalent of the sealed envelope snail mail, it really is not.

Email is exactly the equivalent of a postcard in the snail mail system. Anyone, anywhere, along it's path from sender to receiver, can "turn it over" and read what is written on it.

If someone really wants the sealed envelope method of mail, they need to use gpg to encrypt the email body so that only the recipient can read it.

Is it a "search" as to you under the 4th amendment if the government reads your e-mail off the server it's stored on?

If it is a 4th amendment search, the government needs a search warrant or some "reasonable" excuse to make the search legal. If it's a search and it's not "reasonable," it's a Constitutional violation, and the evidence would have to be excluded under the judge-made "exclusionary rule." But there's the "as to you" part, as well. The courts won't let you assert someone else's 4th amendment rights; if they illegally kick in Joe's door down the street and find a bundle of dope with your name, address, and social security number printed on it, the government can't use it against Joe, but well, you're shit out of luck. Usually.

Once upon a time the courts had a fairly elaborate "standing" analysis, but ever since 60s when the 4th amendment stopped meaning what it says and started applying to "a socially reasonable expectation of privacy," the analysis is a little more complicated. Going back to the example above: would you have an expectation of privacy that society would find reasonable in keeping your drugs in Joe's house? The courts would say no-- first of all, it's dope; and second, you handed it over to a third person; for all you know, Joe could take your dope and run it straight to the police.

But the Courts have made it more complicated. If you're spending the night at Joe's house, then you, as an overnight guest, have a "socially reasonable" expectation of privacy. But if you're just there for a drug deal, you don't. The question in this case boils down to: do you have an expectation of privacy, that society considers reasonable, in your e-mail when it's stored on a public server?

There's really two ways you can go about answering this question: the first is what I guess you'd call an analyticial analysis: by storing your e-mail on a server, how easy is it for someone, anyone else to read it? How often does that happen? The second would be a values analysis: what do people use e-mail for? How private is it? How important is it to keep the government from reading your e-mail? Etc.

But you'll have to make up your own minds as to this question. I think the "reasonable expectation of privacy" analysis is bunk, and that the 4th amendment was never intended to protect mail or e-mail. But then I'm something of a strict constructionist myself.

The article isn't 100% clear but it doesn't sound to me as though the emails in question were spam. It seems more likely that they were communications relating to his business with incriminating evidence in them. He's being charged with mail fraud and money laundering, not with sending spam.

That's not the argument they're making. They're arguing that since you don't own the computer the message is stored on, you have no right to privacy.That makes no sense, however. I don't own the phone network once it leaves my house (more precisely, the NID), but I have a right to privacy as defined by quite a bit of legislation.

That right there is the key. There is quite a bit of legislation protecting phone conversations. There isn't similar legislation in the case of emails.

Please read this reference [cornell.edu]. Those definitions apply to "CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS". (sorry for the ALL CAPS, just copy/pasted the title).

Notice that both telephone AND email communications (specifically noted for this discussion is definition #17) are listed. Most of Chapter 119 have them used together, meaning that they do have "similar legislation".

In addition to that, the police do not need a warrant if they have permission from the owner.

Generally, an owner is defined as the only person that can (legally) willfully give away something. Here, this is specified in (3)(b)(ii) [cornell.edu]: "with the lawful consent of the originator or any addressee or intended recipient of such communication." Nobody else can do that: so the originator, addressee or recipient are the owners.

A custodian can usually be used to bypass directly involving the owner, usually for practical reasons. Using your car analogy, the owner is not necessarily in the car (could be a relative, rental company or employer) and the driver can still consent to a warrant-less search.

But, in this case, the ISP is treated as sort of a restricted custodian of the data: if they unintentionally obtain evidence of a crime, they can report it; if they are compelled to give up the data (such as a warrant); etc. But they can't just give it away.